
"Hello hypervisor, I'm geohot"

^ hahhaha

Careful you don't get a slap from Mrkonjić yourself, along with those guys from Kurir xD
 
Offtopic: As for Kurir, torch the newsroom as soon as possible and arrest the editor and the rest of the staff; I've never seen such a quantity of drivel anywhere, just look at the headlines in that paper and it'll all be clear to you.
Apologies to the moderators.
 

How do I play games and spam the bench thread with stuff from torrents? :( Thank you.. :d
 
I think Geohot is deeply hurt that the guy in question won't massage his ego. :)
 
Here's some news :)

1.
Geohot PS3 exploit FIX and tutorial by xorloser

As I’m sure everybody heard, the memory access exploit for the PS3 hypervisor was released recently by geohotz. I was finally able to replicate his hack so I thought I’d take the time to help out others who may also have trouble due to being linux n00bs like me :) If I were to post everything at once it would be too much work and I’d never get around to it, so I’ll post bits at a time to ensure I actually do post it heh. Today’s post will talk about the software side of the exploit.

Please note that the geohotz exploit software was hardcoded for the v2.42 firmware, I have made a small fix that attempts to dynamically support all firmware versions. I have only tested and used it on v3.15 however.

2.
Geohot: PS3 100% Hacked, no need for rootkey and more

Today I verified my theories about running the isolated SPUs as crypto engines. I believe that defeats the last technical argument against the PS3 being hacked.

In OtherOS, all 7 SPUs are idle. You can command an SPU (which I’ll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from pkgs to selfs. Including those from future versions.

The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

Ah, but you still didn’t get the Cell root key. And I/we never will. But it doesn’t matter. For example, we don’t have either the iPhone or PSP “root key”. But I don’t think anyone doubts the hackedness of those systems.

I wonder if any systems out there are actually secure?

2'. - from Twitter
Today I validated my theories about running the isolated SPUs on the PS3 as crypto engines. The PS3 is 100% hacked. So where my homebrew at?

3.
PS3 Hypervisor and Bootloader Dumped

PS3 Hacker CJPC has managed to dump the PS3 hypervisor and LV1 and Bootloader LV0 via PS3 RAM. He has provided a brief explanation of what he did and a download file to the exploit can be found in the VIA link:

"We are happy to report that the PS3 Hypervisor LV1 and Bootloader LV0 are dumped from the PlayStation 3’s RAM after getting our SX28 Hardware a few days ago, utilizing code for glitching and mashing buttons for hours - the exploit eventually will get triggered!

We tried a few different ways to dump out the real memory - the biggest “problem” was the fact that you can’t just simply use File I/O code in a kernel module. Furthermore, you can’t call the lv1_peek function from user mode either.

Luckily, resident DEV kakarotoks was up to the challenge. After some trial and error (and too many PS3 crashes!) he made a kernel module which maps the “real” PS3 memory to a device in /proc. The /proc area lets the kernel and userland interact some.

Basically, the device /proc/ps3_hv_mem is created when the kernel module is inserted. Once it is inserted, you can use dd to read the device. By doing this, the device gets passed arguments, which is passed along to lv1_peek - which in turns reads out the real memory.

Be advised, don’t go beyond the PS3’s upper memory limit. At around 260MB, the PS3 tends to crash - it does not like trying to read beyond RAM limits! So, for usage:

First, run the exploit, and get it triggered and working - that’s the hard part!

Next, download the attached file, inside are three files, a Makefile, the ps3_hv_mem.c and a pre-compiled version. Stick these in a folder, and run make. It will then compile a kernel module for you (ps3_hv_mem.ko, or use the pre-compiled one). Then simply type: sudo insmod ps3_hv_mem.ko

Enter your password and check /proc for a ps3_hv_mem entry, or your dmesg. If it is there - let the dumping begin!

You can dump out the PS3 Hypervisor and Bootloader (and the rest of the real memory) via dd. You can use the command:

dd if=/proc/ps3_hv_mem of=PS3_Memory_Dump.bin bs=1024 count=10K

That command will dump out 10485760 bytes, or about 10MB - which nicely includes the goodies like LV0 and LV1. Finally, you can also increase the count, which will increase the amount dumped (multiply by blocksize)."

4.
Sony answers Geohot’s PS3 hack with a patent

Recently a new patent by a SONY employee was published on the patent site at faqs.org. It seems it is SONY’s answer for Geohot’s progress. Take a look here:

“A method, system, and computer-usable medium are disclosed for controlling unauthorized access to encrypted application program code. Predetermined program code is encrypted with a first key. The hash value of an application verification certificate associated with a second key is calculated by performing a one-way hash function. Binding operations are then performed with the first key and the calculated hash value to generate a third key, which is a binding key. The binding key is encrypted with a fourth key to generate an encrypted binding key, which is then embedded in the application. The application is digitally signed with a fifth key to generate an encrypted and signed program code image. To decrypt the encrypted program code, the application verification key certificate is verified and in turn is used to verify the authenticity of the encrypted and signed program code image. The encrypted binding key is then decrypted with a sixth key to extract the binding key. The hash value of the application verification certificate associated with the second key is then calculated and used with the extracted binding key to extract the first key. The extracted first key is then used to decrypt the encrypted application code.”
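To make the abstract above readable, here is an added worked model of the key-binding flow it describes (encrypt code with a first key, bind that key to the hash of the verification certificate, wrap the binding key, embed it, sign the image, then reverse the steps on the consumer side). This is example code written for this post, not Sony's implementation and not from the patent. Stand-ins are assumed so it runs offline with only the Python standard library: the "encryption" is an HMAC-SHA256 counter-mode keystream (a toy stream cipher in place of a real block cipher), the binding operation is XOR of the first key with SHA-256 of the certificate, the fourth/sixth key pair and the fifth key are symmetric stand-ins (wrap and unwrap share a key; the signature is an HMAC tag), and "verifying the certificate" means comparing its hash against a value pinned in the verifier.

```python
"""Model of the patent's key-binding scheme (added example, constructed stand-ins)."""
import hashlib
import hmac
import os


def keystream_xor(key: bytes, data: bytes, label: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, label || block number) blocks.
    Stands in for a real cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, label + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def bind_key(first_key: bytes, cert: bytes) -> bytes:
    """Binding key = K1 XOR H(cert): the code key can only be recovered with the right cert."""
    cert_hash = hashlib.sha256(cert).digest()
    return bytes(a ^ b for a, b in zip(first_key, cert_hash))


def package(code: bytes, first_key: bytes, cert: bytes, wrap_key: bytes, sign_key: bytes) -> dict:
    """Producer side: encrypt code (K1), bind K1 to the cert, wrap the binding key (K4),
    embed it in the image, and sign the whole thing (K5, HMAC stand-in)."""
    enc_code = keystream_xor(first_key, code, b"code")
    binding_key = bind_key(first_key, cert)
    enc_binding = keystream_xor(wrap_key, binding_key, b"bind")
    image = enc_code + enc_binding  # wrapped binding key embedded at the tail of the application
    tag = hmac.new(sign_key, cert + image, hashlib.sha256).digest()
    return {"cert": cert, "image": image, "tag": tag}


def unpack(pkg: dict, trusted_cert_hash: bytes, unwrap_key: bytes, verify_key: bytes) -> bytes:
    """Consumer side: verify cert, verify signature, unwrap binding key (K6),
    undo the binding with H(cert) to get K1 back, decrypt the code."""
    cert, image, tag = pkg["cert"], pkg["image"], pkg["tag"]
    cert_hash = hashlib.sha256(cert).digest()
    if not hmac.compare_digest(cert_hash, trusted_cert_hash):
        raise ValueError("certificate not trusted")
    expected = hmac.new(verify_key, cert + image, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("image signature invalid")
    enc_code, enc_binding = image[:-32], image[-32:]
    binding_key = keystream_xor(unwrap_key, enc_binding, b"bind")
    first_key = bytes(a ^ b for a, b in zip(binding_key, cert_hash))
    return keystream_xor(first_key, enc_code, b"code")


def demo() -> dict:
    """Constructed round trip: honest decrypt works, a swapped certificate is rejected,
    and even with the signature check skipped the wrong cert hash yields the wrong K1."""
    code = b"constructed sample program image, not real firmware"
    first_key, wrap_key, sign_key = os.urandom(32), os.urandom(32), os.urandom(32)
    cert = b"application verification certificate (constructed)"
    pkg = package(code, first_key, cert, wrap_key, sign_key)
    round_trip = unpack(pkg, hashlib.sha256(cert).digest(), wrap_key, sign_key) == code

    other_cert = b"substituted certificate (constructed)"
    swapped = dict(pkg, cert=other_cert)
    try:
        unpack(swapped, hashlib.sha256(other_cert).digest(), wrap_key, sign_key)
        rejected = False
    except ValueError:
        rejected = True

    # Binding effect on its own: unwrap correctly but undo the binding with the wrong cert hash.
    enc_code, enc_binding = pkg["image"][:-32], pkg["image"][-32:]
    binding_key = keystream_xor(wrap_key, enc_binding, b"bind")
    wrong_k1 = bytes(a ^ b for a, b in zip(binding_key, hashlib.sha256(other_cert).digest()))
    binding_effect = keystream_xor(wrong_k1, enc_code, b"code") != code

    return {"round_trip": round_trip, "swapped_rejected": rejected, "binding_effect": binding_effect}


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is the layering: the signature stops a tampered image, and the binding step independently ties the code key to the certificate, so swapping the certificate without also re-deriving the binding key leaves only garbage after decryption.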

So much for the geohot haters who said he did nothing :)

edit:
obviously it meant something to the one it was aimed at..
 
Now just someone explain to me what can realistically be expected from this news :)
 
I'll give him 100 euros if anything comes of this xD, and not just his own success :)
 
Here's that vain SKFU showing up again, this time on geohot's blog :) .. still hiding behind a fake name :)

 
He earned a lot more than that from hacking the iPhone.. he doesn't give a f*** about your 100 euros :)

Yeah I know....that's not the point...it's more like: I'LL BUY YOU A BEER if you manage "this and that"

So the same with him: since he's not 21 yet for alcohol, i.e. I can't take him for a beer, I'll give him 100 euros xD to buy himself something



Too many days/weeks have been spent going on about this here, and nothing concrete. That's all I'm saying. :) I'm following it, not like I'm not, and I'd love to be able to put down 50-100 euros and start burning, but it seems that's not happening yet :)
 
Too many days/weeks have been spent going on about this here, and nothing concrete. That's all I'm saying. :)

What do you mean nothing concrete? :)

Well, it was said right away what that hack means: not that tomorrow everyone can download games off the net and burn/run them with an ISO loader, but that it's just the first step that makes possible what's slowly coming out now, and that prospective pirates won't get anything in the next few months..
 
You're tiresome... Kimi only cares about where he'll find media for his new 270 games.... :d
 
What matters is that Kimi uses the news to wind people up (for reasons unknown to me). The fact that he doesn't understand what those words above mean (like the rest of us) and that the "first step" is taking longer than Serbia's entry into the EU... doesn't matter.
 
Given that they managed to dump (read and save) what's in the PS3's RAM... wow. That's an achievement comparable to cracking the vault at Fort Knox or the like.
Hats off to them!
Whoever manages to read that Sony "answer" in one breath is my idol! :D
 
As for that patent, I think it was said later that Sony patented it earlier (i.e. filed the application), e.g. in 2008 if I remember correctly, and that it has nothing to do with a reaction to anything geohot did.

edit:

yes, the application is from 8 August 2008 and it has only now been finalized (what a nice coincidence)

http://appft.uspto.gov/netacgi/nph-...&s1=20100037068&OS=20100037068&RS=20100037068



Regardless of anyone's stance on hacking the PlayStation, this example shows best what the internet is: how every piece of news can be interpreted differently, how easy it is to reach wrong conclusions, and how at the same time we can have accurate and inaccurate information in front of us with all sorts of interpretations from all sorts of people (Kimi, I don't mean you, of course, I'm speaking generally).

99% of people don't have the patience even to read what's written, let alone understand it. Now suddenly the whole net is buzzing and has an opinion on some programmer-hacker tricks, and nobody has the faintest idea what it's about.

But after all this, the only news that remains is that SONY reacted to geohot's hacking of the PS3 with a new patent...
 
Yet another text that only someone who has never left the house could understand :)
 
How nice it is to "label" people more literate than yourself.
If they know more, then they've never left the house.
If they have a well-paid job, it's not creative. :D

See, one can glimpse the reason why you're unemployed while your wife earns 20k. :)
 
I'm still asking for someone to give us a slightly more informed summary of what's going on here, but no such person has turned up.

PS. If someone knows but is too lazy to share their knowledge = same as not knowing.
 
Kimi got some blades with Cell processors at work, so by posting these texts he's trying to hack his own servers :d :d
 
Come on people, it's not that complicated at all. The simple trick is that they fooled the software into thinking a piece of memory is no longer used by anyone, but kept "pointers" to it and started reading what gets written there. Iteratively they managed to "gnaw through" the whole memory this way and save its contents. Along the way they inserted a few of their own functions.

This can further be used in various ways... what's fascinating is this kid's ingenuity... there's no practical application for now.

For now the SPE that handles encryption remains untouched, as does the GPU. The potential application at this moment is the possibility of bringing up a less restricted Linux, if someone manages to write drivers (a bit harder). In the future, by analyzing memory, someone could nullify the effect of the encryption... if and when they manage to figure out what's in the memory they managed to read.
 
If someone knows but is too lazy to share their knowledge = same as not knowing.

Bane wanted to say roughly this:

Albert Einstein: You do not really understand something unless you can explain it to your grandmother. :D

Ontopic: I read this and honestly didn't understand a thing.
 
How nice it is to "label" people more literate than yourself.
If they know more, then they've never left the house.
If they have a well-paid job, it's not creative. :D

See, one can glimpse the reason why you're unemployed while your wife earns 20k. :)

If you went to F1 and took photos there, it doesn't automatically mean you understand cars and photography :d More likely you got the tickets as a gift and went on a picnic :) And in the same way the one who never left the house is "more literate" than the other one :)

And anyway I have a well-paid and creative job, so there :)
 